More and more users are relying on electronic devices, in particular, mobile devices, for day to day tasks such as banking, shopping, social networking, entertainment, etc. Mobile devices may communicate with a plurality of entities, e.g., mobile network operators, merchant servers, e-commerce sites, financial institutions, and such, in a distributed system to seamlessly execute these tasks.
Generally, each entity in a distributed system has its own memory to store data and/or code associated with certain applications pertaining to a user. Thus, for a payment application, security and privacy sensitive information may be stored in more than one entity, such as the mobile device, cloud and/or different servers in a distributed system.
However, in a distributed system, different entities may share a common state that may or may not share the same data. For example, in a distributed system comprising a plurality of entities, multiple instances of an application may exist on more than one entity. Thus, code and/or data may be shared between two or more entities. For example, a wallet application on a mobile device may share code and/or data between the mobile device, a wallet provider, and a back-end server associated with an issuer/payment processing network. Further, the mobile device may have code and/or data associated with the wallet application shared between different entities on the mobile device itself. For example, account related data (e.g., account numbers, expiration dates, user personal information, etc.) and cryptographic keys may be stored in a persistent storage (e.g., secure element) on the mobile device, whereas, the executable code for the wallet application may be stored in a system memory of the mobile device.
Having number of entities in a distributed system introduces a number of challenges. For example, in the above example, if the wallet application on the mobile device is uninstalled, it may result in discrepancies in the shared state between the mobile device, the wallet provider and the back end server. For example, the executable code for the wallet application resident in the system memory may be removed, but the account related data stored in the secure element may not be removed in the same way. The sensitive account related data associated with the de-installed wallet application left over in the secure element may be accessible by a new wallet application installed on the mobile device. This can consequently raise security concerns.
In another example, if a new operating system is installed on a mobile device or a mobile device is reset, there may be old data left over in the persistent storage of the mobile device that may not have been removed.
Embodiments of the invention address this and other problems, individually and collectively.